Privacy Policy

1 Introduction

ContentOrbit AI Ltd ("ContentOrbit AI", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

ContentOrbit AI Ltd is registered in Scotland, United Kingdom, with its registered office at 33 Queen Street, Edinburgh EH2 1JX, United Kingdom. We are registered as a data controller with the Information Commissioner's Office (ICO) in the UK.

Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By using our website, platform, or services, you acknowledge that you have read and understood this Privacy Policy.

If you have any questions about this policy or our data practices, please contact us at hello@contentorbit.ai.

2 Information We Collect

We collect several types of information in connection with the operation of our platform and services. The categories of data we may collect include:

Personal Data

Personal data is any information that can be used to identify you as an individual. We may collect the following personal data:

• Full name and email address when you create an account or contact us
• Billing name, address, and payment information (processed securely via Stripe)
• Profile information including job title, company name, and website URL
• Communications you send us, including support tickets and feedback
• Content you create, upload, or generate using our platform

Usage Data

We automatically collect information about how you interact with our services, including:

• Pages visited, features used, and time spent on the platform
• Content types generated, word counts, and project history
• Button clicks, navigation patterns, and search queries within the platform
• Error logs and diagnostic data when issues occur
• Subscription activity including upgrades, downgrades, and cancellations

Technical Data

When you visit our website or use our services, we may automatically receive and record certain technical information, such as:

• IP address and approximate geographic location (country / city level)
• Browser type, version, and operating system
• Device type and screen resolution
• Referring URLs and exit pages
• Session duration and page load times
• Cookie identifiers (see Section 5 for full details)

3 How We Use Your Information

We use the data we collect for specific, legitimate purposes. We rely on the following lawful bases under UK GDPR for processing your personal data:

• Contractual necessity: Processing required to provide the services you have subscribed to
• Legitimate interests: Improving our product, preventing fraud, and ensuring platform security
• Consent: Marketing communications and non-essential cookies (where applicable)
• Legal obligation: Retaining billing records and responding to lawful data requests

Specific Purposes

Your data is used to:

• Create and manage your account and subscription
• Deliver the AI writing, SEO, and content strategy features you use
• Process payments and manage your billing history
• Send you transactional emails (account confirmations, password resets, invoices)
• Send marketing emails if you have opted in — with an easy unsubscribe option in every email
• Analyse usage patterns to improve platform performance and user experience
• Investigate and resolve technical issues or support requests
• Comply with applicable legal and regulatory obligations
• Detect, prevent, and respond to fraud or security incidents

We do not use your content data to train AI models without your explicit, opt-in consent. Your generated content belongs to you.

4 Data Sharing and Disclosure

ContentOrbit AI does not sell, rent, or trade your personal data. We may share your data with trusted third parties only where necessary to provide our services:

Service Providers (Data Processors)

We work with third-party vendors who process data on our behalf under strict data processing agreements:

• Stripe: Payment processing — subject to Stripe's own PCI-DSS certified privacy practices
• Amazon Web Services (AWS): Cloud infrastructure and hosting, with servers located in the EU
• Intercom: Customer support and in-app messaging
• Postmark: Transactional email delivery
• Google Analytics 4: Anonymised website analytics (see Section 5)

Legal Disclosures

We may disclose your personal data if required to do so by law, court order, or governmental authority, or where we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of ContentOrbit AI, our users, or others.

Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business assets, your personal data may be transferred to the acquiring entity. You will be notified via email and/or a prominent notice on our website prior to any such transfer becoming effective.

5 Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience on our platform and website. Cookies are small text files placed on your device by your browser when you visit our site.

Types of Cookies We Use

• Essential cookies: Required for the platform to function correctly. These cannot be disabled without impacting your ability to use our services. Includes session authentication and CSRF protection tokens.
• Analytics cookies: Help us understand how visitors interact with our website using anonymised data. We use Google Analytics 4 with IP anonymisation enabled.
• Preference cookies: Remember your settings such as language, theme, and notification preferences.
• Marketing cookies: Only placed with your explicit consent. Used to measure the effectiveness of our advertising campaigns.

You can manage your cookie preferences at any time by clicking the "Manage Cookie Preferences" button in the sidebar, or by adjusting your browser settings. Withdrawing consent for non-essential cookies will not affect the lawfulness of any processing carried out prior to withdrawal.

6 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting obligations.

• Account data: Retained for the duration of your account plus 90 days after deletion request, to allow for account recovery if requested
• Content data: Retained while your account is active. Deleted within 30 days of a confirmed account deletion
• Billing records: Retained for 7 years to comply with UK financial record-keeping requirements
• Support communications: Retained for 3 years after the ticket is resolved
• Analytics data: Aggregated and anonymised analytics are retained indefinitely; individual session data is deleted after 26 months

When data is no longer required, we ensure it is securely deleted or anonymised so that it can no longer be associated with you as an individual.

7 Your Rights (GDPR)

As a data subject under UK GDPR and EU GDPR, you have significant rights over your personal data. ContentOrbit AI is committed to upholding these rights fully and promptly. We will respond to all valid requests within one month.

To exercise any of these rights, please email us at hello@contentorbit.ai with the subject line "Data Rights Request". We may need to verify your identity before processing your request. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data rights have not been respected.

8 Data Security

We take the security of your personal data seriously and have implemented technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, or disclosure.

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3 (HTTPS)
• Encryption at rest: All stored data, including account information and content, is encrypted using AES-256
• Access controls: Strict role-based access controls limit which ContentOrbit AI employees can access user data, with audit logs maintained for all access events
• Two-factor authentication: Available and encouraged for all user accounts
• Regular security audits: We conduct penetration testing and vulnerability assessments at least annually
• Incident response: We have a documented data breach response procedure and will notify affected users and the ICO within 72 hours of becoming aware of a breach that poses a risk to your rights and freedoms

While we implement robust security measures, no system is entirely immune to risk. We encourage you to use a strong, unique password for your ContentOrbit AI account and to enable two-factor authentication.

9 International Transfers

ContentOrbit AI is headquartered in the United Kingdom. However, some of our third-party service providers operate outside the UK and European Economic Area (EEA). Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office
• Adequacy decisions where the destination country has been determined to offer equivalent data protection standards
• Binding Corporate Rules for intra-group transfers, where applicable

Our primary cloud infrastructure is hosted on AWS within EU regions (Ireland and Frankfurt). Data processing by US-based vendors such as Intercom is governed by Data Processing Addendums (DPAs) incorporating UK and EU SCCs.

10 Children's Privacy

ContentOrbit AI's services are intended for business and professional use and are not directed at children. We do not knowingly collect personal data from individuals under the age of 16.

If you believe that a child under 16 has provided personal information to us without appropriate parental consent, please contact us immediately at hello@contentorbit.ai. Upon verification, we will promptly delete such data from our systems.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify registered users via email at least 30 days before material changes take effect
• Display a notice on our platform and website
• Where required by law, seek renewed consent for new processing activities

We encourage you to review this policy periodically. Your continued use of ContentOrbit AI following the effective date of any changes constitutes acceptance of those changes.

12 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way ContentOrbit AI processes your personal data, please get in touch with our Data Protection team:

If you are not satisfied with our response, you have the right to lodge a complaint with the UK supervisory authority: